FBI Director: We're Only Forcing Apple To Undermine Security Because We Chase Down Every Lead

from the bull-and-shit dept

Over the weekend the narrative the FBI has been trying to spread around the legal effort to get Apple to build a system that lets the FBI hack Apple customers began to crumble, as it was revealed that the FBI's own actions were largely responsible for the fact that the information on Syed Farook's phone was no longer accessible. That gave more and more weight to the argument that the whole reason that the FBI did this was to set a precedent that judges can force companies to hack their own customers, should the FBI want them to do so. Again, it seems fairly obvious that the FBI chose this case in particular, because basically everyone agrees that Farook and his wife were bad people who murdered a bunch of Farook's co-workers. That obviously makes the FBI's case more sympathetic for setting a precedent. But with the shady actions that resulted in the data being locked up, that nice story was starting to slip away.

Apparently the FBI decided to send in the big guns to try to rescue the narrative. FBI Director Jim Comey -- the guy who's been fear mongering the longest about strong encryption -- put up a blog post on the surveillance apologist blog Lawfare -- in which he insists that this case isn't about all the things it's really about:

The San Bernardino litigation isn't about trying to set a precedent or send any kind of message.

No, he claims, it's really because the FBI wants to "look the survivors in the eye" and say they followed every lead:

It is about the victims and justice. Fourteen people were slaughtered and many more had their lives and bodies ruined. We owe them a thorough and professional investigation under law. That's what this is. The American people should expect nothing less from the FBI.

The particular legal issue is actually quite narrow. The relief we seek is limited and its value increasingly obsolete because the technology continues to evolve. We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that. Maybe the phone holds the clue to finding more terrorists. Maybe it doesn’t. But we can't look the survivors in the eye, or ourselves in the mirror, if we don't follow this lead.

Of course, if you know anything about the FBI and how it operates, this is guffaw inducing. There are tons of cases where the FBI doesn't follow every lead possible. In fact, it has a pretty long history of ignoring important leads. And, lately, the FBI's main focus seems to be on creating its own terrorist plots so it can have its agents play dress up and pretend they took down a terrorist ring. In many of those cases, the FBI failed to chase down tons of leads, and instead entrapped or framed otherwise innocent people. The idea that it suddenly is concerned with chasing down every lead is ludicrous.

Comey is playing politics here, not giving a legitimate reason. And, yes, while some of the families of victims in San Bernardino are supporting the FBI, some of them think the FBI is going too far.

The ex-wife of another deceased victim, meanwhile, said she is concerned that the court might be jeopardizing iPhone users’ privacy rights.

Karen Fagan, of Upland, is the ex-wife of Harry “Hal” Bowman and mother of their two daughters.

“This is a very different thing than asking for data that is Apple’s possession,” Fagan wrote in an email. “They have complied with all of those requests. This is asking them to build a new piece of technology that could be used to invade the privacy of any iPhone. Furthermore, the FBI is citing an act written in 1789 (instead of new legislative action) to justify their request.

“I know that it is a tempting argument to say that we should allow government access to private information in order to make people feel safe. After all, the argument goes, people who aren’t breaking the law have nothing to hide. While that may be true, American citizens have been granted privacy rights, and this request breaches those rights,” Fagan wrote.

How will Comey look Karen Fagan in the eye and tell her he jeopardized the privacy and safety of millions of Americans just to find out that there's nothing useful on the guy everyone already knows murdered her husband?

Comey, meanwhile, reverts back to the same talking point he's been making for months, that he just wants a "public debate" on this:

Reflecting the context of this heart-breaking case, I hope folks will take a deep breath and stop saying the world is ending, but instead use that breath to talk to each other. Although this case is about the innocents attacked in San Bernardino, it does highlight that we have awesome new technology that creates a serious tension between two values we all treasure: privacy and safety. That tension should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living. It should be resolved by the American people deciding how we want to govern ourselves in a world we have never seen before. We shouldn't drift to a place—or be pushed to a place by the loudest voices—because finding the right place, the right balance, will matter to every American for a very long time.

And yet, we've had that discussion and the public spoke out by buying and using tools with strong encryption -- and by telling Congress they didn't want a law outlawing strong encryption. So, contrary to Comey's claims, it is the FBI that's trying to force the issue by going to court over this particular search warrant.

Filed Under: backdoor, encryption, fbi, going dark, hacking, james comey, precedent, san bernardino, syed farook
Companies: apple


Reader Comments

  1. That One Guy, 22 Feb 2016 @ 5:11am

    'Shame', clearly not in the FBI dictionary

    So he doesn't want to 'let the survivors down' by not chasing every possible lead, because that just wouldn't be right, but he has no problem using the dead for his own purposes, because hey, if you've got some corpses might as well put them to good use, right?

    The FBI doesn't give a damn about those that died, all they care about is using the emotional impact from that for their own ends, and that, not 'not following every lead' is what should be keeping them from meeting their own eyes in the mirror, though that would require them to be able to experience shame over their actions, which is clearly not the case for at least one member of the FBI.

    Although this case is about the innocents attacked in San Bernardino, it does highlight that we have awesome new technology that creates a serious tension between two values we all treasure: privacy and safety

    Well, not all of us clearly, as the FBI's actions in attempting to cripple encryption are showing respect for neither privacy nor safety. Someone, whether individual or group, who valued privacy and safety would not be doing everything in their power to undermine something that protects both simply to make their job easier.

  2. TechDescartes, 22 Feb 2016 @ 6:41am

    Can I get another piece of paper?

    Maybe Apple should just concede and begin decrypting the phone, using whatever methods existed in '89.

    1789, that is.

  3. Anonymous Coward, 22 Feb 2016 @ 6:53am

    They've never cared about justice before, so why are they suddenly pretending to care about justice now?

  4. Jason, 22 Feb 2016 @ 6:59am

    We simply want the chance, with a search warrant, to try to guess the terrorist's passcode without the phone essentially self-destructing and without it taking a decade to guess correctly. That's it. We don't want to break anyone's encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that.

    Is it really completely lost on Mr. Comey that if law enforcement had been more willing, these past few years, to go after information they wanted by getting a search warrant, a whole lot of this might have been unnecessary? I wish the FBI (NSA, etc.) would take the time to understand that.

  5. Anonymous Coward, 22 Feb 2016 @ 7:01am

    Comey - Of course we want a "public debate" on encryption and after we're done scaring the public so bad they agree that encryption is the devil and needs to be broken we'll have that "debate" dammit!

  6. Anonymous Coward, 22 Feb 2016 @ 7:09am

    We don't want to break anyone's encryption or set a master key loose on the land

    Sophistry. What you want is to set the precedent that you can use a warrant to order a software company to remove protections against repeated tries to login to a system, and have them install it on targeted machines via a software update, and that leads to using a warrant to have it installed on machines being used by people you suspect of criminal activity. Next you will want to use a warrant to force software companies to make other changes to their operating systems for national security purposes, and you have available a secret court to do that for you, along with gaga orders to hide what you are doing.

  7. Designerfx, 22 Feb 2016 @ 7:10am

    What about 9/11?

    If the FBI is all about chasing every lead, why don't we ask them directly what happened with 9/11?

    Oh right.

    *drops mic*

  8. Anonymous Coward, 22 Feb 2016 @ 7:14am

    Re: Can I get another piece of paper?

    The court just said Apple needs to start working on backdoor software. They didn't specify Apple has to put anyone competent on the project, did they?

  9. Anonymous Coward, 22 Feb 2016 @ 7:26am

    Re: Re: Can I get another piece of paper?

    "The court just said Apple needs to start working on backdoor software. They didn't specify Apple has to put anyone competent on the project, did they?"

    I believe that there's a number of ex-OPM employees available for hire...

  10. MadAsASnake, 22 Feb 2016 @ 7:31am

    What about the elephant?

    If the FBI was any good at all at this, there would be no dead people. I wonder if Comey is prepared to look the bereaved families in the eye and explain why, with all the access and resources they already have, they cannot find these people before they commit these atrocities?

  11. Trails, 22 Feb 2016 @ 7:32am

    If hopes and feels were fish and eels, the ocean would have no room for water

    We don't want to break anyone's encryption or set a master key loose on the land. I hope thoughtful people will take the time to understand that, despite the fact that what we are asking for will set loose a master key upon the land. It's like they say, it's the thought that counts.


    Fixed that for Comey.

  12. Ryunosuke, 22 Feb 2016 @ 7:33am

    James Comey really should have a good sit down and chat with Ben Franklin. You know, the guy that said something about sacrificing freedom for security deserves neither line.

  13. Pixelation, 22 Feb 2016 @ 7:41am

    It bears repeating

    If Apple is forced to install backdoors into their phones, no one will trust the situation. Based on the current "Big Brother" mentality of those who are meant to represent us, how are we to trust that a backdoor won't be abused? A secret interpretation of a Constitutionally questionable law, used in a secret court, forcing Apple et al. to give unfettered access to people's phones. This is formerly tinfoil hat stuff, yet here we are.

    Worse yet, even if Apple isn't forced to install backdoors, who will really trust the situation anyway?

  14. Anonymous Coward, 22 Feb 2016 @ 7:42am

    "...I hope folks will take a deep breath and stop saying the world is ending, but instead use that breath to talk to each other."

    The irony is so thick you could use it to build pyramids in Egypt or a wall in China that would NEVER crumble!

  15. Anonymous Coward, 22 Feb 2016 @ 7:42am

    Re:

    "Trust us, or else."

  16. Lord_Unseen, 22 Feb 2016 @ 7:44am

    I'm terrified to admit this, but I think what the FBI is asking for is surprisingly restrained and limited. Asking them to remove the passcode limits so they can more efficiently brute-force the thing is almost admirable compared to what they've been asking for. At least they're going to do some work in this thing.

    That being said, it terrifies me that Apple can do this at all. Note that I didn't say they were willing to do this, only that they can. This means that Apple isn't building a backdoor, so much as they already have one that they will use to accomplish this. If you can perform firmware/OS updates that remove security features with the device supposedly unlockable/uncrackable, that's a backdoor. It already exists and Apple just tipped their hand.

  17. Anonymous Coward, 22 Feb 2016 @ 7:47am

    Re:

    "gaga orders" NOT a typo. The FBI is gaga for these. They just love 'em!

  18. Anonymous Coward, 22 Feb 2016 @ 7:48am

    Re:

    James Comey is not sacrificing his freedom, or that of the elites, just the security and freedom of everybody else, so that the position and privileges of the elites can be secured for all time. He will realise his mistake if he lives long enough to see the pitchforks come out, along with the guillotines being erected.

  19. Anonymous Coward, 22 Feb 2016 @ 7:49am

    Re:

    This may be so, but you can bet that the new version of iOS will not allow any such actions.

  20. Doug, 22 Feb 2016 @ 7:51am

    Conversation

    The whole "conversation" gambit has a perverse and beautiful simplicity to it. You can use it whenever you're faced with resistance to a stand you are taking, and it makes you sound "reasonable": "I'm not the bad guy here. I just want to have a 'conversation' to figure out the right way to do this."

    But it's a trap for the other side. As soon as they say anything that doesn't have the same facade of conciliation, then you can criticize them for being "extreme".

    Further, you can always rehash old ground or backtrack in your argument by saying you just want to "continue" the "conversation".

    All it really is, is a stalling and deflection tactic, allowing you to wait for another chance. When you hear someone use it, there's something slimy going on.

  21. Anonymous Coward, 22 Feb 2016 @ 7:51am

    Re: What about the elephant?

    The FBI never was nor intended to be an intelligence service. Such activities are best left to the CIA and NSA, though admittedly they have their own problems.

    And yes we have been for years sliding down 'slippery slopes' because preventing these atrocities requires spying on US citizens on US soil.

  22. Anonymous Coward, 22 Feb 2016 @ 7:53am

    FBI ruined their only option on purpose to force Apple to create a backdoor.

  23. Anonymous Coward, 22 Feb 2016 @ 7:54am

    Re:

    That software protection can be removed by writing new software is not that surprising, however the real backdoor is that the phone can have its software upgraded without the user logging in, or the phone having its content wiped via a factory reset. Just think of what the NSA could do via the TSA with that capability.

  24. Lord_Unseen, 22 Feb 2016 @ 7:54am

    Re: Re:

    I really hope you're right. I was very disappointed when I heard they could do it in the first place.

  25. Lord_Unseen, 22 Feb 2016 @ 7:57am

    Re: Re:

    I don't want to think about it. I would hope that Apple has the clamps on their little backdoor, but that seems too much to hope for and now that it's been talked about, several organizations, including the NSA are already working on exploiting it. Hopefully Apple does the smart thing and closes it in later iPhones.

  26. MadAsASnake, 22 Feb 2016 @ 8:05am

    Re: Re: What about the elephant?

    Who if not the FBI? Certainly not the CIA (extra-territorial), nor NSA (intelligence). Now, preventing these atrocities is in the purview of the FBI and does NOT require spying on the entire citizenry. The point is that all this spying is not stopping this sort of thing, not capable of stopping it, and more likely to create more extremists (something the FBI seems intent on doing directly as well).

    In this case, we see that these TLAs are still siloing themselves and incapable of working together.

  27. Doug, 22 Feb 2016 @ 8:06am

    Strongest link is encryption

    The strongest link in the chain of data security is encryption. We don't know of a technology that is better at keeping things secret. So, the best security you have is when you have a "key"/password that will decrypt data. (And remember, your data is only secure because/when it is hard to guess or figure out the key.)

    *Anything* else is a weaker link in the chain of security. So relying on features in an OS to protect you is weaker. Unless you and you alone have the key, you can't assume it is secure.

    For Apple to be able to remotely install and update the OS means that any security features they implement can be circumvented, unless you can prevent that process using some form of encryption with your own key. Any other form of security will be weaker.

    So, the strength of your Apple security is directly tied to the strength of Apple's backbone and the laws they/we confront.

  28. That One Guy, 22 Feb 2016 @ 8:15am

    Re:

    I'm terrified to admit this, but I think what the FBI is asking for is surprisingly restrained and limited. Asking them to remove the passcode limits so they can more efficiently brute-force the thing is almost admirable compared to what they've been asking for. At least they're going to do some work in this thing.

    The mistake is thinking that this is about the phone, that they're doing all of this for a device that's likely to have nothing useful on it (those responsible for the murders destroyed one set of phones, if these ones had anything incriminating they would have been destroyed as well) just so they can be 'thorough'.

    It's not.

    This is all about the precedent, using the most sympathetic case they can find to set the precedent that companies can be forced to decrypt devices and data. They've been 'asking' for requiring companies to cripple encryption so that they can take a peek whenever they feel the desire to, and that got shot down. This is simply another try at the very same thing, except this time they're trying it via the courts, rather than the politicians.

    So no, there's nothing 'admirable' with their request here, it's the same thing they've been trying to get, wrapped up and presented slightly differently.

  29. Doug, 22 Feb 2016 @ 8:15am

    Control and convenience

    People may now be starting to become aware that they have opted in to a system in which they have traded control and privacy for convenience.

    It is convenient for Apple/Microsoft/Android-device-makers to be able to automatically update software remotely, but the price is that those companies get their fingers on your device at any/all times.

    If you want security independent of some company like these, the ecosystem must be restructured. It's not a matter of Apple (or whoever) giving you better security; it's a matter of taking security out of Apple's hands.

  30. Anonymous Anonymous Coward, 22 Feb 2016 @ 8:19am

    Re: Re: What about the elephant?

    "The FBI never was nor intended to be an intelligence service. Such activities are best left to the CIA and NSA, though admittedly they have their own problems."

    Then why is there such a large percentage of the FBI's efforts in counterintelligence?

  31. Anonymous Coward, 22 Feb 2016 @ 8:23am

    "The San Bernardino litigation isn't about trying to set a precedent or send any kind of message."

    Would Comey be willing to say that to Congress under oath? Probably, Clapper didn't get arrested.

  32. Anonymous Coward, 22 Feb 2016 @ 8:24am

    Re: 'Shame', clearly not in the FBI dictionary

    So he doesn't want to 'let the survivors down' by not chasing every possible lead,

    What is the point?

    We know who committed the murders - and they are both dead.

    That should be enough.

    If you seriously want to go beyond that point then an honest appraisal of their motivations might be in order - but breaking everyone else's privacy in order to trace small-time associates seems irrelevant - unless part of your motivation is actually to suppress debate about the real cause.

  33. Lord_Unseen, 22 Feb 2016 @ 8:28am

    Re: Re:

    But that's just the thing. Apple isn't crippling the encryption here. It isn't installing a backdoor. The backdoor is already there. That is the real story here. Everybody is concentrating on the FBI angle and completely ignoring the fact that Apple already has the ability to do what they want to your phone, passcode be damned. And now that we know about this ability, you can bet the legality is just an afterthought. The mere knowledge of it is enough that somebody (NSA) is already working on a way to exploit it.

  34. Anonymous Coward, 22 Feb 2016 @ 8:42am

    Re: Strongest link is encryption

    If a government can compel a company to write, sign and distribute software to their specifications, then even controlling your own keys is not enough, as they could be compelled to install some form of key-logger.

  35. Anonymous Coward, 22 Feb 2016 @ 8:43am

    The FBI isn't forcing anyone, it's the court.

    It's hard to fault the FBI. They're taking the law as far as authorized by a judge. If there's blame to be had it should be on the laws and judicial discretion.

  36. Blaine, 22 Feb 2016 @ 8:44am

    They will only ask once

    They got a warrant for the first one, to "show they followed the law."

    Then they will be the shining example of restraint and we will never see another request, that's what National Security Letters are for.....

  37. Richard, 22 Feb 2016 @ 8:44am

    Re: What about 9/11?

    chasing every lead,

    aka locking every stable door.

  38. Anonymous Coward, 22 Feb 2016 @ 8:46am

    Re:

    Otherwise rational people seem to be losing their heads over this issue.

    FBI is working within the law. If you object, object to the structures that authorized them to have this power.

  39. Anonymous Coward, 22 Feb 2016 @ 9:02am

    Re: Re: What about 9/11?

    chasing every lead,

    Opening every door in the world.

  40. Anonymous Coward, 22 Feb 2016 @ 9:04am

    Re: Re:

    Are they? It is a stretch to say that the law can compel a company to create new tools for them to use to break in.

  41. MarcAnthony, 22 Feb 2016 @ 9:19am

    Re: Conversation

    The "conversation" that the FBI wants to have is like the conversation we've had over the TPP—the one negotiated in secret with the text locked in a guarded room. Similar conversations are had when two wolves and a sheep discuss what's for dinner.

  42. That One Guy, 22 Feb 2016 @ 9:19am

    Re: Re: Re:

    But that's just the thing. Apple isn't crippling the encryption here. It isn't installing a backdoor. The backdoor is already there.

    Yes and no. The ability to remove the features is there for older versions of the OS assuming someone has the resources to exploit it, and that is a problem to be sure, but that doesn't change the fact that Apple is being 'asked' to remove the security features that they put in place so that the FBI will be able to brute-force the device.

    Back-dooring a service/product doesn't necessarily require one to remove the security protecting it, it just requires one to introduce a feature allowing you to get around the security, and that is very much what is being demanded of Apple here.

    And now that we know about this ability, you can bet the legality is just an afterthought.

    Not to the FBI/DOJ, the 'legality' is the entire point of their actions. There's a significant difference between finding flaws and weaknesses in encryption and getting in that way versus being able to order a company to break the encryption themselves and allow access that way, and the FBI is pushing for the second here.

  43. beltorak, 22 Feb 2016 @ 9:19am

    Re: The FBI isn't forcing anyone, it's the court.

    So far they haven't been ordered; the court has given Apple 5 days to make a response as to why it would be "too burdensome". I will wait till I hear the court's reasoning on the eventual order (or lack of it) before I start blaming the court system in this case.

  44. Anonymous Coward, 22 Feb 2016 @ 9:34am

    Loudest voices

    "We shouldn't drift to a place—or be pushed to a place by the loudest voices..."

    I assume the judge was asked to speak quietly when compelling Apple to do this...

  45. Anonymous Coward, 22 Feb 2016 @ 9:39am

    So, to be fair I don't have an iPhone, but, doesn't the user need to agree to download and install new firmware? If so how is the new "proposed" firmware to be loaded if they don't have access to the passcode to agree to the install? Just asking???

  46. Whatever, 22 Feb 2016 @ 9:43am

    We end up back at the same place:

    1 - Apple has pretty much admitted that there is no back door, but that a failure in the way they made the phones means THEY can update the phone with new firmware that would disable a limited number of security features, making brute force attempts easier

    2 - Apple and Apple alone are the only ones who can update firmware.

    3 - No back door would be created. At the most, it would expose their weak pincode / passcode requirements that make a brute force easy to do.

    I think that the FBI here is being very careful and very restrained and is asking for pretty much as little as possible to help their investigation. They aren't asking for a back door, they will still have to hack the phone to get in. They are asking for arbitrary limits on speed and number of attempts to be disabled. Only Apple can do that, nobody else can - and even if Apple gave other people the code, they wouldn't be able to do anything with it unless they also hacked the Apple updating system.

    Oh, and 4 - apparently putting your data on iCloud makes it much easier for Apple to give to authorities.

    There is a lot of talking on both sides... why not a cynical and slightly angry review of Apple's double speak and careful attempt to spin this into some major back door that will instantly jack open every iphone on the planet?

  47. Lord_Unseen, 22 Feb 2016 @ 9:45am

    Re:

    Traditionally, that's how it's supposed to work. Go up and look at my earlier comment. Apple apparently has a way to bypass this. So, Apple already has a backdoor and the FBI just wants to use it.

  48. Anonymous Coward, 22 Feb 2016 @ 9:47am

    Re: Re: Re:

    You seem to be conflating a 'vulnerability' with a 'backdoor'. There is a security vulnerability in iOS where the firmware can be flashed to some extent without resetting the whole device (how updates are done). What people didn't seem to know was to what extent this was possible, since Apple hopefully is the only one with the keys for signing a firmware upgrade so the phone doesn't reject it.

    If Apple is forced to create this new security crippled firmware version that makes it way easier for the FBI to brute-force the phone (like in hours instead of years), then that is a backdoor in that version of the firmware at that point.

    One of the realizations that I came to this week is the FBI doesn't want Apple to get the content for them, they want them to change the firmware and then hand over the phone. At that point, the FBI has control of a copy of the firmware that they figure they can probably just copy off the changes and then figure out a new vector to place it on any other phone they want to do this to. That part kinda scares me.

  49. Lord_Unseen, 22 Feb 2016 @ 9:59am

    Re: Re: Re: Re:

    You make a good point. I hadn't even thought about that aspect of what the FBI was asking for. I would like, however, to argue for my use of the word backdoor. To my way of thinking, a backdoor is a vulnerability that the creator knows about and can exploit for their own reasons. Would you agree with this definition? If so, I think this firmware upgrade process fits that definition.

  50.
    Whatever (profile), 22 Feb 2016 @ 10:13am

    Re: Re: Re: Re: Re:

    I don't think it's a backdoor, because it still leaves the door firmly shut. The phone would still have to be brute forced, and it will still take weeks or even months to do it. A backdoor would just open it all up and say "here, here's the data".

  51.
    Anonymous Coward, 22 Feb 2016 @ 10:14am

    Re: Re:

    The home edition of Windows 10 includes a forced upgrade capability, that can only be avoided by not connecting it to any network. Was that Microsoft's idea, or some TLA's idea?
    Another question, will it continue to work if it cannot phone home?

  52.
    Anonymous Coward, 22 Feb 2016 @ 10:23am

    Re:

    No back door would be created.

    At the most, it would expose their weak pincode / passcode requirements that make a brute force easy to do.

    The definition of a backdoor, per Wikipedia is:

    A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem or algorithm etc.

    It certainly SEEMS to fit the definition of a backdoor, no?

    Perhaps in all your analysis, you can reconcile for us the difference between what you're saying is NOT a backdoor and the definition of a backdoor.

  53.
    Anonymous Coward, 22 Feb 2016 @ 10:31am

    Re: Re: Re:

    "it is a stretch to say"

    That may be the case, but it's ultimately the judge's decision, not the FBI's.

  54.
    Anonymous Coward, 22 Feb 2016 @ 11:07am

    Re:

    They aren't asking for a back door, they will still have to hack the phone to get in.

    And by "hack" you mean inputting 0000-9999?

    Yeah, that's not really hacking.
    Personally, I call it "counting."

  55.
    Chronno S. Trigger (profile), 22 Feb 2016 @ 11:08am

    Re: Re: Re:

    They're not trying to get a backdoor into the phone, they're trying to get a backdoor into the law. The phone is only valuable because it was owned by bad people and is encrypted. They can hold the phone up and threaten people with it: "What if this phone has more bad people's information?"

    It's a great way to get people to accept a tiny change in what we accept as reality. It's not breaking the encryption, it's not directly affecting your phone, so it shouldn't be a problem.

    But what about the next phone? This security flaw might be fixed, but that's not going to stop the court from ordering Apple to find another security flaw, and another, and another. Each one pushing just a little harder, stretching what we'll accept just a little more until there are no more security flaws.

    When that happens it's not a large step at all to order Apple to start including these flaws. It's still not breaking encryption, still not directly affecting your phone. The software must be signed using Apple's secure key, so your phone's still safe.

    And thus what we're willing to accept is stretched even further.

    What about the next step after that? All these security flaws still don't address the primary issue, the encryption. Keep a good password on your encryption and you won't ever have a problem with these minor changes. So how long until the FBI or whomever comes across a phone that is properly encrypted but could have been used to prevent another 9/11?

    Our acceptance has already been stretched to accept security flaws in our phones, why not weaken encryption so the government can brute force the phone in a few days instead of centuries? Still not directly affecting your phone. Any normal person won't have access to the information required to use the weakness. Even if they did, they don't have access to the hardware the government has and wouldn't be able to crack the encryption in any reasonable amount of time.

    But days' delay can kill.

    I could keep hammering this home, but to make a long story short: while the boiling frog story might be inaccurate, the meaning behind it is very real.

    And it doesn't take an intentional plan to kill off privacy. If what we're willing to accept can change, so can what the government is willing to accept.

  56.
    Mike Masnick (profile), 22 Feb 2016 @ 11:15am

    Re: Re: Re: Re: Re: Re:

    it will still take weeks or even months to do it.

    4 character pin will be cracked in minutes.
    6 character pin takes less than a day.

    It's unlikely he had more than that.

  57.
    Groaker (profile), 22 Feb 2016 @ 11:16am

    Re: The FBI isn't forcing anyone, it's the court.

    The FBI is so honest and true blue. Among many other crimes, the FBI is telling LEOs that a no disclosure agreement signed with a company has a stronger legal basis than the Constitution, the Bill of Rights, Judges and Juries.

    You may think that is just dandy, but I see these behaviors as worse than merely criminal. They are destructive of the nation as a whole.

  58.
    Anonymous Coward, 22 Feb 2016 @ 11:30am

    Re: Re: Re: Re: Re: Re:

    I don't think it's a backdoor, because it still leaves the door firmly shut.

    It leaves the door firmly shut, by allowing the government to try every possible combination, until the door opens.

    The phone would still have to be brute forced, and it will still take weeks or even months to do it.

    And if by "brute force" you mean "trying every combination from 0000-9999," I'd argue that isn't brute force - that's counting.

  59.
    None Given, 22 Feb 2016 @ 12:19pm

    In his statement Sunday, Comey said the debate over Farook’s phone showed how “awesome new technology ... creates a serious tension between two values we all treasure -- privacy and safety.”

    Urging the public to recall the "innocent Americans" who were victimized, he said it was not up to corporations, nor the FBI, to reconcile those two priorities. “It should be resolved by the American people deciding how we want to govern ourselves in a world we have never seen before,” Comey said.

    To complete his thought, it's time that we amend the First Amendment to give the Federal Government the power to compel speech. Not in the sense that a witness has to recount what he or she has seen in a court of law. They need to be able to force citizens to say the right thing--what the Federal agents know needs to be said for the good of the country and to fight terrorism. There will need to be oversight on the precise script that the citizen must read from. Supervising agent of an FBI field office should be sufficient.

    Separation of powers is also important. We will also need to make sure that the Judiciary also approves what punishments are appropriate to execute on failure to comply. Speech is more often than not time-sensitive, and justice delayed is justice denied. We must think of the victims, and their need for closure.

    Still, though, it's nice to see that Comey recognizes that we need new law to address this situation.

  60.
    None Given, 22 Feb 2016 @ 12:35pm

    This article needed to be titled:

    Comey agrees that the court order is unlawful, and that Congress needs to act.

  61.
    Anonymous Coward, 22 Feb 2016 @ 12:36pm

    Re:

    To complete his thought, it's time that we amend the First Amendment to give the Federal Government the power to compel speech.

    The DOJ already compels the speech of real people, by piling on charges until someone accepts a plea bargain. They are now trying to use public opinion to force a company's speech.

  62.
    Mark Wing, 22 Feb 2016 @ 1:13pm

    If the FBI truly chases down every lead, then it should investigate Comey for abuse of power.

  63.
    Anonymous Coward, 22 Feb 2016 @ 1:21pm

    Re: Can I get another piece of paper?

    Maybe Apple could dig an Apple 1 out of the museum to run the brute force script. That will work until it reaches the numerical of the 8 bit cpu, then you will need more paper.

  64.
    Anonymous Coward, 22 Feb 2016 @ 1:23pm

    Re: Re:

    The problem here is not with iOS, as software can always be changed, but rather either the protection is not in firmware, or that the firmware can be reprogrammed. (Firmware being software stored in a ROM inside a chip.) This is compounded by the system allowing an update to be applied without any user intervention, which is also a flaw built into Windows 10, where Microsoft can force updates.

  65.
    DigDug, 22 Feb 2016 @ 2:34pm

    HLMFTFY

    "FBI Director: We're Only Forcing Apple To Undermine Security Because We Chase Down Every Lead"

    "FBI Director: We're Only Forcing Apple To Undermine Security Because We're Too Stupid To Chase Down Any Leads Except For Those We Create Ourselves. Of the leads we ourselves created in our criminal conspiracies where we trick individuals into following our evil schemes and then pounce on them as if they were the masterminds, we've attained a high 30% chase down rating."

  66.
    Personanongrata, 22 Feb 2016 @ 3:20pm

    FBI Director J. Edgar Comey is a Pliably Supine Lickspittle of the National Security State

    FBI Director: We're Only Forcing Apple To Undermine Security Because We Chase Down Every Lead

    Dear FBI Director J. Edgar Comey what happened to chasing down every lead in regard to the US government's involvement in kidnapping, torture and indefinite detention without charge?

    Dear FBI Director J. Edgar Comey what happened to chasing down every lead in regard to the trillions of US dollars stolen in a control fraud scheme perpetrated by US financial institutions that was aided and abetted by US government sponsored entities such as the Federal Home Loan Mortgage Corporation and the Federal National Mortgage Association?

    Dear FBI Director J. Edgar Comey what about chasing every lead down in regard to the US government's blatant lies that led to the wholly elective non-declared war against Iraq?

    Dear FBI Director J. Edgar Comey there is ample evidence available in the public domain to bring charges in seeking accountability the only thing lacking is the will on part of US law enforcement "officials".

    For turning an institutional blind eye to the crimes listed above FBI Director J. Edgar Comey has exposed himself as another in a long line of political appointees who have completely forsworn their oaths of office in order to increase the power of their bureaucracy at the expense of the US Constitution.

    When the national security state says jump FBI Director J. Edgar Comey unquestioningly responds, "how high"?

  67.
    MSC (profile), 22 Feb 2016 @ 5:39pm

    Re:

    I think that the FBI here is being very careful and very restrained and is asking for pretty much as little as possible to help their investigation. They aren't asking for a back door, they will still have to hack the phone to get in. They are asking for arbitrary limits on speed and number of attempts to be disabled. Only Apple can do that, nobody else can - and even if Apple gave other people the code, they wouldn't be able to do anything with it unless they also hacked the Apple updating system.

    The words of the FBI's request sound like they are limited: "We don't want you to crack the encryption, just grease the wheels a bit on helping us guess the password on just this one phone." The problem is that the process of granting this request simply can't be limited to a single device. If they can do it to one phone, they can do it to many millions of phones.

    If they give in then there's absolutely nothing to prevent any magistrate in any jurisdiction (and in any country where Apple does business) from making this same request. It's not hard to imagine Apple being inundated with requests to help get into "just this one phone." Do you honestly feel comfortable with this scenario?

  68.
    Whatever (profile), 22 Feb 2016 @ 6:37pm

    Re: Re: Re: Re: Re: Re: Re:

    It depends on the method and speed. If they can do 1 attempt per second, a 6 digit pin code would require 10^6 attempts maximum (minus 10^5, etc). That would be about 11 days. The number drops quickly with any increase in speed.

    If they can wire it up and shoot codes at it a lot quicker, then yes, it's a short thing to do. A fatal flaw that Apple allows for such short pincodes.

  69.
    NitroLab (profile), 22 Feb 2016 @ 7:25pm

    Last I checked there were still a lot of witnesses of TWA 800 that still haven't been interviewed by the FBI all these years later. I wonder when Comey will get off his dumb ass and get that taken care of?

  70.
    Whatever (profile), 22 Feb 2016 @ 7:29pm

    Re: Re:

    "It certainly SEEMS to fit the definition of a backdoor, no?"

    Nope. The blockages are obstructions to getting to the locked door, not the door itself. A backdoor would be "push here, and poof, the phone is unlocked". After everything they are asking Apple to do, the phone will still be locked.

  71.
    Anonymous Coward, 23 Feb 2016 @ 12:59am

    Re: Re: Re: Re: Re: Re: Re: Re:

    They have followed the example of the banks with cashpoint cards, a short passcode/pin, and a limited number of tries. That has proven so successful that criminals install both stripe readers and a camera to capture the pin. As simply cloning the card is largely a waste of time due to running out of tries at the pin.
    Limited tries, with increasing delays between tries is a reasonable locking mechanism, and which allows people to use a passcode that they can remember, and what the FBI wants is Apple to install a weaker locking mechanism. It's like telling a locksmith that he must replace the unpickable lock on a door with a pickable lock, so that the FBI can then open the door.

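The timing argument running through comments 56, 68 and 71, worked as an added example that is not part of the thread or any commenter's code: it compares the worst-case time to exhaust a passcode space with and without attempt limits. The one-guess-per-second rate is comment 68's hypothetical; the delay schedule and the erase-after-10 limit are constructed assumptions.

```python
from bisect import bisect_right

# Constructed escalating-delay schedule (an assumption, not from the thread):
# (wrong guesses so far, seconds the device makes the next guess wait).
DELAY_SCHEDULE = [(5, 60), (6, 300), (7, 900), (9, 3600)]
WIPE_AFTER = 10  # assumed erase-after-N-failures limit


def forced_delay(failures, schedule):
    """Wait imposed before the next guess after `failures` wrong guesses."""
    thresholds = [t for t, _ in schedule]
    i = bisect_right(thresholds, failures)
    return schedule[i - 1][1] if i else 0


def worst_case_seconds(keyspace, per_attempt, schedule=()):
    """Time to try every passcode when the right one is guessed last."""
    schedule = list(schedule)
    if not schedule:
        return keyspace * per_attempt
    last_threshold, max_delay = schedule[-1]
    ramp = min(keyspace, last_threshold)
    # Walk the escalating part guess by guess ...
    total = sum(forced_delay(f, schedule) + per_attempt for f in range(ramp))
    # ... after which every remaining guess pays the maximum delay.
    return total + (keyspace - ramp) * (max_delay + per_attempt)


def success_probability(keyspace, allowed_guesses):
    """Chance of hitting a uniformly random passcode before the wipe."""
    return min(1.0, allowed_guesses / keyspace)


def summary(per_attempt=1):
    """Worst-case days per passcode type, with and without the throttle."""
    day = 86400
    rows = {}
    for name, keyspace in [("4-digit", 10**4), ("6-digit", 10**6),
                           ("6-char a-z0-9", 36**6)]:
        rows[name] = {
            "unthrottled_days": worst_case_seconds(keyspace, per_attempt) / day,
            "throttled_days": worst_case_seconds(
                keyspace, per_attempt, DELAY_SCHEDULE) / day,
            "p_before_wipe": success_probability(keyspace, WIPE_AFTER),
        }
    return rows


if __name__ == "__main__":
    for name, row in summary().items():
        print(f"{name:14} {row['unthrottled_days']:12.2f} d unthrottled, "
              f"{row['throttled_days']:14.1f} d throttled, "
              f"P(success before wipe) = {row['p_before_wipe']:.2e}")
```

Under these assumptions the short PIN's protection comes almost entirely from the attempt limits, while a longer alphanumeric passcode keeps a large margin even with the limits removed.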

  72.
    Anonymous Coward, 23 Feb 2016 @ 6:02am

    Re: Re: Re:

    The blockages are obstructions to getting to the locked door, not the door itself.

    I see.

    So the locked door is on the phone.
    And you're arguing that they don't have access to the locked door.
    But they have the phone.
    The whole phone.
    Door and all.

    Actually, I don't see.
    Not at all.

    Because frankly, that argument is pathetic.
    Just. Plain. Shit.

  73.
    John Fenderson (profile), 23 Feb 2016 @ 7:02am

    Re: Re: What about the elephant?

    "The FBI never was nor intended to be an intelligence service."

    That's not really true. The FBI has operated as a domestic intelligence service from day 1. It's part of their mandate. The NSA and CIA are not legally allowed to operate domestically -- that's the FBI's jurisdiction.

  74.
    alternatives(), 24 Feb 2016 @ 6:05am

    Re: Re: Conversation

    Similar conversations are had when two wolves and a sheep discuss what's for dinner.

    Too bad the Sheep doesn't speak Wolf so the sheep could equally participate.

  75.
    alternatives(), 24 Feb 2016 @ 6:07am

    Re:

    2 - Apple and Apple alone are the only ones who can update firmware.

    Based on what facts?

  76.
    alternatives(), 24 Feb 2016 @ 6:14am

    Re: Re: Re: Re: Re: Re:

    I don't think

    That is part of the problem.

    it's a backdoor, because it still leaves the door firmly shut.

    And every door is shut until it becomes open. Once open, you now have a hole in your wall. And, if the door is able to be closed and re-locked it's like magic - the wall of the home becomes secure once more.

    But hey, who needs a door if you are willing to put a hole in a wall and not care about if anyone notices or cares about the entry.

    A backdoor would just open it all up

    Really? Is that how a home works?

  77.
    alternatives(), 24 Feb 2016 @ 6:18am

    Re: Re: Re: Re: Re: Re: Re:

    4 character pin will be cracked in minutes.

    The last iPad 2 I had and was hired to break into with iOS7 took a day to set up to be able to enter the passcode.

    With manual tools and an open source toolchain.

  78.
    Anonymous Coward, 24 Feb 2016 @ 6:26am

    Re: Re: Re:

    Nope. The blockages are obstructions to getting to the locked door, not the door itself. A backdoor would be "push here, and poof, the phone is unlocked". After everything they are asking Apple to do, the phone will still be locked.

    Objection. Lack of foundation - Whatever is not a credible source.
    Objection. Assumes facts not in evidence.
    Objection. Using definition of terms not agreed to.

    Come on back when you can cite what dictionary you are using to come up with your "colourful" position.
